CVE-2023-51559

Foxit PDF Reader Doc Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22258.

Published: May 3, 2024
Updated: Aug 14, 2025
CVE: CVE-2023-51559
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.3
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
foxit / pdf_editor	-	10.1.12.37872.x
foxit / pdf_editor	11.0.0	11.2.7.53812.x
foxit / pdf_editor	12.0.0	12.1.3.15356.x
foxit / pdf_editor	13.0.0.21632	13.0.0.21632.x
foxit / pdf_editor	2023.1.0.15510	2023.1.0.15510.x
foxit / pdf_editor	2023.2.0.21408	2023.2.0.21408.x
foxit / pdf_reader	-	2023.2.0.21408.x
foxit / pdf_editor	-	11.1.5.0913.x
foxit / pdf_editor	12.0.0.0601	12.1.1.55342.x
foxit / pdf_editor	13.0.0.61829	13.0.0.61829.x
foxit / pdf_editor	2023.1.0.55583	2023.1.0.55583.x
foxit / pdf_editor	2023.2.0.61611	2023.2.0.61611.x
foxit / pdf_reader	-	2023.2.0.61611.x

https://www.zerodayinitiative.com/advisories/ZDI-23-1872/

Vulnerability Database

CVE-2023-51559